Archives de la catégorie : A voir

Abusing Caching Servers into SSRF and Client-Side Attacks While conducting a security assessment, we noticed an unexpected behavior in the markup language Edge Side Includes (ESI), a language used in many popular HTTP surrogates (reverse proxies, load balancers, caching servers, proxy servers). We identified that successful ESI attacks can lead to Server Side Request Forgery…

Salut les gars! Juste une sauvegarde d’un petit article super intéressant sur les différentes techniques d’énumérations de sous-domaines. A penetration tester’s guide to sub-domain enumeration As a penetration tester or a bug bounty hunter, most of the times you are given a single domain or a set of domains when you start a security assessment.…

DNSChanger causes network computers to visit fraudulent domains. As you read these words, malicious ads on legitimate websites are targeting visitors with malware. But that malware doesn’t infect their computers, researchers said. Instead, it causes unsecured routers to connect to fraudulent domains. Using a technique known as steganography, the ads hide malicious code in image…

macOS FileVault2 let attackers with physical access retrieve the password in clear text by plugging in a $300 Thunderbolt device into a locked or sleeping mac. The password may be used to unlock the mac to access everything on it. To secure your mac just update it with the December 2016 patches. Anyone including, but…